
Protect your organization’s domains from Spoofing

It has been a while since the General Data Protection Regulation came into force. Under Article 28(3)(f) of the Regulation, we as the processor have to help you as the controller to carry out appropriate technical and organizational measures to ensure the safety of data processing.

One of the safety measures your organization should take is to protect its domain in order to limit unauthorized, fraudulent (phishing, spoofing) emails sent in the name of your organization’s domain.

A simple example of how fraudulent email sending may be done: a third party acquires an email database by various methods, possibly containing some of your clients’ data. This third party then prepares email campaigns in their own system using your company’s domain name and content style, and sends them out asking recipients to open an infected file, click on an infected link, pay an invoice or just fill out a form.

Based on Verizon data, around 30% of such emails are opened and 12% open such attachments or links; in addition, around 41% of the world’s population can’t tell for sure whether an email is fraudulent (Reference: Symantec). The volume of phishing emails is decreasing; however, phishing is the 4th most popular type of crime on the Internet (Reference: FBI).

Based on that, it is crucial to ask yourself the following questions:

Would a fraudster be interested in sending emails to employees of my organization, for example, an accountant?

How would a fraudster benefit from sending emails in the name of my organization’s domain?

How would fraudulent emails impact my organization?

What would I have to take into consideration if fraudulent emails were sent out?

Is it possible for a fraudster to steal a database from my organization?

Does your organization fall into the bank, payment system, internet portal or internet shop category?

If answering any of these questions makes you feel that a fraudster might benefit from using your organization’s domain, then you have to protect your domain with the email authentication protocols SPF, DKIM and DMARC, and keep track of your domain’s mailings.

In this visual representation you can see how the protection works using DMARC authentication protocol:
[Infographic: how DMARC protection works]


At Mailigen we send email from authenticated domains; we have introduced DMARC protection and monitor the email flow sent from our domains globally. We have helped dozens of clients to authenticate their domains and set up DMARC protection. If you are interested in setting up authentication protocols for your organization’s domain, check this tutorial on how to authenticate your organization’s domain in the Mailigen platform with the SPF and DKIM protocols. In it, you will find information on why authentication is necessary and how to set it up; to find out more about the DMARC protocol, watch this video.

Setting up SPF and DKIM can be an easier process for people with IT knowledge. Setting up DMARC for your domain can take from 1 to 3 months, depending on the size of the organization. While setting up the DMARC protocol, you have to keep track of what is being sent from your organization’s domain with failed authentication and, in the meantime, adapt the organization’s email systems so that authentication is in place.

We have experience in this field, which is why Mailigen can offer your organization help with setting up the SPF and DKIM protocols. After evaluating the email systems that send from your organization’s domain, we can also arrange setting up DMARC. Contact us!

Authenticating your organization’s domain is a proactive step towards safer data processing in a company. Setting up DMARC will help to protect your organization’s domain reputation, leading to better email delivery to the inbox.

If this article hasn’t convinced you to step up and protect mailings from your organization’s domain, we suggest checking some of the articles from well-known organizations that recommend DMARC protection (Google, ReturnPath, Microsoft, Facebook, LinkedIn) and articles by some country governments that have taken a stand for DMARC against cyber criminals (USA, UK, Australia). It is worth mentioning that, thanks to a directive, the USA set up DMARC protection for 70% of the government’s domains in a short amount of time.

If you are ready to authenticate and protect your organization’s domain and you need our help, we look forward to hearing from you!

 


© 2010-2018 Mailigen. All rights reserved.